Add Groovy as a scripting language, add groovy sandboxing

[dakrone]

Sandboxes the groovy scripting language with multiple configurable
whitelists:

script.groovy.sandbox.receiver_whitelist: comma-separated list of string
classes for objects that may have methods invoked.
script.groovy.sandbox.package_whitelist: comma-separated list of
packages under which new objects may be constructed.
script.groovy.sandbox.class_whitelist comma-separated list of classes
that are allowed to be constructed.

As well as a method blacklist:

script.groovy.sandbox.method_blacklist: comma-separated list of
methods that are never allowed to be invoked, regardless of target
object.

The sandbox can be entirely disabled by setting:

script.groovy.sandbox.enabled: false

[s1monw]

we should really have a section that says that we added this in 1.3 and where to find the docs for the prev. version?

[dakrone]

Sure, I added the "coming in 1.3.0" part, but not sure where to link for older documentation since 1.2 hasn't been released yet. Once it's released I'll add a commit to point to the older documentation.

[clintongormley]

Docs are built for branches, ie 1.x, master, not for released versions. So you should use a deprecated tag for mvel eg deprecated[1.3.0,Replace by groovy as the default scripting language, see old docs here <>]

[s1monw]

@dakrone can you address clintons comments?

[dakrone]

Added a commit to rearrange and (hopefully) clarify the mvel deprecation.

[s1monw]

oh man this looks awesome!

[rmuir]

shouldn't this be java.lang.Character?

[dakrone]

Whoops, good catch, fixed.

[dakrone]

Added a number of commits to address the feedback, @s1monw can you take another look?

[s1monw]

any chance we can make this a constant?

[dakrone]

Yes, I will make everything a constant that can be for this.

[s1monw]

mabye we can use _score here too?

[dakrone]

I looked into this, _score doesn't work for either Groovy or Mvel (probably due to this being in an aggregation?). If this is something we want to support I think we should open a separate issue for it.

[s1monw]

oh I see makes sense!

[s1monw]

did another review.... looks pretty close... left some commetns

[s1monw]

IMO we should make this class package private and final? Can you also put in the comment where this is used and for what reason just be a little more verbose.... we might also just put it as a inner class?

[dakrone]

@s1monw updated this PR with all of the changes you recommended :)

[s1monw]

this actually LGTM maybe @kimchy want's to take a look?
good job!

[kimchy]

@dakrone this looks great!, a few comments:

• I would add a 3 value setting to dynamic script enable now, true, false, and sandbox.

For 2.0:

• I would remove mvel completely
• Default to sandbox in dynamic script setting, and groovy as the lang.

For 1.3:

• I would suggest also removing mvel completely, aside from security, its just buggy, if we decide to, then its the same changes as 2.0, including properly documenting how to install the mvel plugin and setting mvel as the lang by default, and properly mark it as a breaking change.
• If there is resistance from removing mvel, then keep mvel around and keep it as the default lang, next to groovy being an option. Default dynamic script should still be sandbox.

[dakrone]

@kimchy Sounds good, I updated the documentation and completely removed mvel as well. I also added the 3-value setting for dynamic scripting.

[s1monw]

so this means that upgrading to 1.3 from any prev version means you need to install the mvel plugin on the upgrade and pass mvel as a param in the request to opt in to this language? I think we really need to invest into an upgrade guide here!

[dakrone]

@s1monw yes, the mvel plugin will have to be installed and the script.default_lang: mvel option would have to be added to continue using mvel as the default.

For an upgrade guide, do we want to add the two settings to the release notes? It will also be on the scripting blog post to come out after this is merged as well.